DHA Home About DHA Human Resources Contact Us FOIA Site Map
Skip Navigation LinksDHA Home > Clinical Operations and Patient Care > TMA Privacy Office > DSAs > Data Sharing Agreement Application (DSAA) Reviews
Infinite Menus, Copyright 2006, OpenCube Inc. All Rights Reserved.

Data Sharing Agreement Application (DSAA) Reviews

The TRICARE Management Activity (TMA) Privacy and Civil Liberties Office (Privacy Office) Data Sharing Agreement (DSA) team reviews each Data Sharing Agreement Application (DSAA) to verify that the following are in compliance with the applicable regulatory requirements:

  • Requested data sharing is permissible under applicable privacy regulations
  • Amount and type of data requested for the purpose listed in the DSAA are considered “minimum necessary”
  • Information system(s) used to store, transmit, process, or otherwise maintain data owned and/or managed by TMA have appropriate physical, administrative, and technical safeguards
  • Data accessed from a Military Health System (MHS) system of records are used in accordance with the purpose set forth in a corresponding System of Records Notice (SORN), as required by Department of Defense (DoD) Privacy Program (DoD 5400.11-R)
  • Contractors requesting to use and/or create protected health information (PHI) in support of a DoD initiative may need to have incorporated a Business Associate Agreement (BAA) into their current contract
  • Data requests requiring the use of a survey may require approval from Washington Headquarter Services (WHS) and/or Office of Management and Budget (OMB)
  • Data requests involving research have obtained secondary review by the Human Research Protections Officer and are determined to be compliant with the Common Rule. The Guide for DoD Researchers on Using MHS Data for Department of Defense (DoD) researchers who plan to request Military Health System (MHS) data for research purposes is now available. For further information click on Guide for DoD Researchers on Using MHS Data here.
  • Requests for PHI involving research are approved by the TMA Privacy Board to ensure compliance with Health Insurance Portability and Accountability Act (HIPAA)

“On October 1, 2013, the Department of Defense established the Defense Health Agency (DHA) to manage the activities of the Military Health System. These activities include those previously managed by TRICARE Management Activity (TMA), which was disestablished on the same date. During the next several months, all TMA websites will change to reflect the new DHA. We appreciate your patience during this transition."
DoD Seal
7700 Arlington Boulevard, Suite 5101, Falls Church, VA 22042-5101
The appearance of hyperlinks to external Web sites does not constitute endorsement by the TRICARE Management Activity of these Web sites or the information, products or services contained therein. For other than authorized government activities, TRICARE Management Activity does not exercise any editorial control over the information you may find at other locations. Such links are provided consistent with the stated purpose of this DoD Web site. Accessibility/Section 508